April 2019
Intermediate to advanced
508 pages
11h 57m
English
After the AWS pentesting authorization form has been taken care of (or during the process), the next step would be to determine what exactly the client is expecting from the AWS pentest. Is this a red team style engagement where our activity will be actively monitored and defended against by a blue team? Is this just an audit of configuration? Is this a go as far as possible type of engagement without an activate defense against us?
Beyond that, is the client supplying us credentials? If so, credentials for how many users and what information do we get about them? If not, should we be social engineering to gain access?
Other important questions may include the following:
Read now
Unlock full access